Samsung SLocation Improper Access Control Vulnerability Allowing Execution of Privileged APIs

Vulnerability

A vulnerability exists in the SLocation component of Samsung devices running Android versions 15 and 16, prior to the January 2026 Security Maintenance Release. This vulnerability allows local attackers to execute privileged APIs due to improper access control. The issue has been privately disclosed and the January 2026 SMR includes a patch that addresses this vulnerability by implementing proper access control.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of privileged APIs, potentially allowing local attackers to manipulate system functions or access restricted data.

Remediation

Users can update to the January 2026 Security Maintenance Release to address this vulnerability. This update includes the necessary patch for the improper access control issue in SLocation.
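
One way to triage a device against this advisory, as an added example that is not part of the original advisory or of Samsung's tooling: it parses `adb shell getprop` output and compares the manufacturer, Android release and security patch level with the advisory's thresholds. It assumes the January 2026 SMR reports a `ro.build.version.security_patch` of 2026-01-01 or later; the function names and sample dumps are constructed for illustration.

```python
import re
from datetime import date

# Thresholds from the advisory text: Android 15 and 16, fixed in the January 2026 SMR.
AFFECTED_RELEASES = {"15", "16"}
# Assumption: the SMR month equals the month in ro.build.version.security_patch.
FIXED_PATCH_LEVEL = date(2026, 1, 1)

_PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(dump: str) -> dict:
    """Parse `adb shell getprop` output lines of the form `[key]: [value]`."""
    props = {}
    for line in dump.splitlines():
        match = _PROP_LINE.match(line.strip())
        if match:
            props[match["key"]] = match["value"]
    return props


def slocation_patch_status(dump: str) -> str:
    """Return 'not-applicable', 'patched', 'needs-update' or 'unknown'."""
    props = parse_getprop(dump)
    if props.get("ro.product.manufacturer", "").lower() != "samsung":
        return "not-applicable"
    # Compare the major version only, so a value such as "15.0" still matches.
    release = props.get("ro.build.version.release", "").split(".")[0]
    if release not in AFFECTED_RELEASES:
        return "not-applicable"
    try:
        level = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown"  # missing or malformed patch level: inspect the device manually
    return "patched" if level >= FIXED_PATCH_LEVEL else "needs-update"


# Constructed sample dumps (not captured from real devices).
SAMPLE_OLD = """\
[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [15]
[ro.build.version.security_patch]: [2025-12-01]
"""
SAMPLE_NEW = SAMPLE_OLD.replace("2025-12-01", "2026-01-01")

if __name__ == "__main__":
    for name, dump in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, slocation_patch_status(dump))
```

Feed it the text captured from `adb shell getprop` on each managed device; an `unknown` result means the patch level property was absent or not an ISO date.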

Added: Jan 9, 2026, 7:20 AM
Updated: Jan 9, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.